South Korean sources report an increased tempo of North Korean cyberattacks. The targets are said to be largely defectors and rights groups.
Invincea researchers have discovered flaws in the Mirai IoT botnet-forming Trojan implicated in recent distributed denial-of-service attacks that had widespread effect. The stack buffer overflow flaw could be exploited to crash the attack process. Whether Invincea's discovery could be legally used against Mirai bots is another matter (and Invincea isn't necessarily recommending it, either): such use could constitute the sort of hacking back forbidden by the US Computer Fraud and Abuse Act.
Post mortems on the Dyn DDoS attacks of October 21 focused, properly enough, on users of common IoT devices leaving default factory passwords in place. But there are other issues of IoT security that fixing passwords won't touch—the ease with which such devices can be found through simple Shodan searches would be one; the economic forces driving enterprise users toward remote online management of IoT devices comprise another.
Shame (or, more probably, fear) in the gray market has led HackForums to remove "server stress testing" (generally regarded as a euphemism for DDoS for hire) from its offerings.
US election hacking fears persist; states seem ambivalent about accepted help from the Department of Homeland Security.
An ambiguously worded letter US FBI Director Comey sent Congress Friday suggests the Bureau is reopening investigation of former Secretary of State Clinton's emails.
Observers wonder how former NSA contractor Martin kept his Top Secret clearance as long as he did.